Skill v0.2.0

ClawScan security

CI Whisperer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 16, 2026, 4:41 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill appears to do exactly what it says (fetch GitHub Actions runs via the GitHub CLI and propose fixes); no surprising network endpoints or extra credentials are requested, but there are a few minor inconsistencies and a real operational risk around secret-containing logs that users should be aware of.
Guidance
This skill is coherent with its stated purpose, but review the following before installing:
1) It relies on the GitHub CLI (`gh`) and your gh-authenticated account. The metadata didn’t declare that dependency, so ensure `gh` is present and authenticated.
2) Logs can contain secrets. The SKILL.md tells the agent to redact secrets, but the helper script prints raw logs. Don’t enable automated PR creation (by setting CI_WHISPERER_WRITE=1) unless you trust the session and are prepared for the agent to create branches/PRs; enable it only for sessions where you want that behavior.
3) If you will allow PR creation, consider reviewing the generated diff/patch locally before pushing.
If you want higher assurance, request that the maintainer add automatic log redaction and update the metadata to declare `gh` and the optional env var.

Review Dimensions

Purpose & Capability
Note: The name/description match the included instructions and the bundled script: both rely on the GitHub CLI to fetch run metadata and failed logs and to optionally create branches/PRs. However, the registry metadata declares no required binaries or env vars even though SKILL.md and the script explicitly rely on the `gh` CLI and the optional env var `CI_WHISPERER_WRITE`; those runtime dependencies are not reflected in the metadata.
Instruction Scope
Concern: Instructions are narrowly scoped to fetching run details/logs and producing a report; PR creation is gated behind explicit user approval and the CI_WHISPERER_WRITE toggle. However, SKILL.md instructs the agent to redact secrets while the included script simply prints raw `gh run view --log-failed` output (no automatic redaction). That creates an operational risk: logs can contain secrets or tokens, and the tool does not sanitize them automatically; the agent/user must do the redaction.
Install Mechanism
OK: No install spec (instruction-only plus a small helper script). No downloads or external installers. Low risk from the install mechanism.
Credentials
Note: The skill does not request secrets in metadata and relies on the host's `gh` authentication (the user's GitHub credentials), which is expected. The SKILL.md references an optional `CI_WHISPERER_WRITE` env var to enable write/PR mode, but this env var is not declared in the registry metadata (minor inconsistency). The bundled script itself does not read environment variables, aside from preferring /usr/bin/gh.
Persistence & Privilege
OK: The manifest sets `always:false`, and the skill does not modify other skill or system configurations. The skill does not request persistent or elevated privileges. Autonomous invocation is allowed (platform default) but is not combined with other red flags.